On 25 Feb 2005, at 11:52 AM, Rick van Rein wrote:
The specification of the MPI format has a *flaw* that forces compliant
implementations to do more work than desired or intended. This is
outright embarassing in a standard.
Perhaps I'm just stupid, but I don't see what the ambiguity is, or what
needs to be fixed, other than that you've changed the explanatory
example. Especially with Ben Laurie's comment that unused bits MBZ, I
don't see any any room for even willful error in it.
This language has been sitting in 2440 and followons since '97. No one
has ever had a problem implementing it, no one has had an
interoperability issue with bignums. Not PGP, nor GnuPG, nor Hushmail,
nor Cryptix, nor Forum, nor Bouncy Castle, nor anyone else.
I know I'm in the fog of jetlag and flu, but I don't see how your
example of [00 05 22] could possibly be interpreted as a decimal 17. I
can see how you might think it 0x22 (decimal 34) with a bad length, or
a 2 with a bad length and garbage in the unused bits (now clarified by
Ben Laurie). I think that the point you're trying to make is that is is
conceivable that [00 05 31] a 17.
However, the existing text says:
These octets form a big-endian number; a big-endian number can be
made into an MPI by prefixing it with the appropriate length.
The length field of an MPI describes the length starting from its
most significant non-zero bit. Thus, the MPI [00 02 01] is not
formed correctly. It should be [00 01 01].
Even without the MBZ clarification, I think this tells us that the
*natural* formation of a 17 as an MPI to be [00 05 11]. The second
paragraph says that [00 06 11] is not legal because the sixth bit of
0x11 is zero, and that [00 05 31] is not legal because that sixth bit
is now the most significant non-zero bit. Bis13 (which presently only I
have) adds in:
Unused bits of an MPI MUST be zero.
which seems to me to remove all realms for misinterpretation.
The first paragraph shows that the natural way to form an MPI would
bring you to [00 05 11]. The second shows that [00 05 i] where i > 0x1f
is not legal. Please help me understand how I would evaluate [00 05
22], [00 05 44], and [00 05 88] to be a 17. Without the MBZ
clarification, I can see how they might be naively be seen to be 2, 4,
and 8 respectively, but I think that the MBZ clarification removes even
the naive misunderstanding. I just don't see how they're 17. Let me
know and I'll fix it, really I will.